Home > OS >  Encode URL passed to JSTL list item
Encode URL passed to JSTL list item

Time:12-20

In my tomcat web app, I implemented anti-csrf token like this:

<form method="post" action="<%=response.encodeURL("buy")%>">

So, the URL becomes: http://10.0.0.129:8080/webapp/buy?CSRFToken=3B2D9F4ED12AB2237B690B8E3C4CD234

However, when I have a <c:forEach items="${forsales}" var="forsale">:

<c:forEach items="${forsales}" var="forsale">
<tr>
<td align="center">${forsale.id}</td>
<td align="center"><a href="${forsale.commentUrl}">${forsale.name}</a></td>
<td align="center">${forsale.sellerid}</td>
<td align="center">${forsale.seller}</td>
<td align="center">${forsale.description}</td>
<td align="center"><fmt:formatNumber value="${forsale.price}" type="currency" /></td>
<td align="center">${forsale.stock}</td>
</tr>
</c:forEach>

How to encode <a href="${forsale.commentUrl}">, for the link to include CSRFToken?

CodePudding user response:

Use the JSTL <c:url> instead of scriptlets.

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>

<a href="<c:url value="${forsale.commentUrl}"/>">${forsale.name}</a>

Page link:https//www.codepudding.com/os/648158.html

Prev:How to nest routers in Go julienschmidt/httprouter?
Next:Why can't I use suspend in daod's @Insert?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding